lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jul 2014 12:21:31 -0700 From: Jay Vosburgh <jay.vosburgh@...onical.com> To: Veaceslav Falico <vfalico@...il.com> cc: netdev@...r.kernel.org, Andy Gospodarek <andy@...yhouse.net> Subject: Re: [PATCH net-next] bonding: permit enslaving interfaces without set_mac support Veaceslav Falico <vfalico@...il.com> wrote: >Currently we exit if the slave isn't the first slave, doesn't support mac >address setting and fail_over_mac isn't FOM_ACTIVE. It's wrong because we >only require ndo_set_mac_address in case bonding is in active-backup mode >and FOM isn't FOM_ACTIVE. > >To fix this - only exit with an error if we're in a/b mode and have >fail_over_mac != FOM_ACTIVE. > >Also, maintain current behaviour on the first slave (forcibly change fom to >FOM_ACTIVE) to not break anyone's configuration. I'm just catching up on this, so I apologize for being late to the party here, but the main point of that test was to prohibit slaves that cannot change their MAC from joining a bond whose mode requires changing the MAC (which is all of them except for active-backup). It looks like the new code path will still fail when bond_enslave() later on attempts to change the MAC, as long as fail_over_mac is not set. If f_o_m is set, the enslave will succeed, after bypassing the dev_set_mac_address call. That in turn would seem to allow creating a bond of any mode, setting fail_over_mac, then filling it with, e.g., ipoib devices. That bond won't function correctly in the modes other than active-backup. Am I missing something here? -J >CC: Jay Vosburgh <j.vosburgh@...il.com> >CC: Andy Gospodarek <andy@...yhouse.net> >Signed-off-by: Veaceslav Falico <vfalico@...il.com> >--- > drivers/net/bonding/bond_main.c | 19 ++++++++++--------- > 1 file changed, 10 insertions(+), 9 deletions(-) > >diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c >index 09dc3ef..e0a33b5 100644 >--- a/drivers/net/bonding/bond_main.c >+++ b/drivers/net/bonding/bond_main.c >@@ -1298,19 +1298,20 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev) > } > > if (slave_ops->ndo_set_mac_address == NULL) { >- if (!bond_has_slaves(bond)) { >- pr_warn("%s: Warning: The first slave device specified does not support setting the MAC address\n", >- bond_dev->name); >- if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP) { >+ pr_warn("%s: Warning: The slave device specified does not support setting the MAC address\n", >+ bond_dev->name); >+ if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP && >+ bond->params.fail_over_mac != BOND_FOM_ACTIVE) { >+ if (!bond_has_slaves(bond)) { > bond->params.fail_over_mac = BOND_FOM_ACTIVE; > pr_warn("%s: Setting fail_over_mac to active for active-backup mode\n", > bond_dev->name); >+ } else { >+ pr_err("%s: Error: The slave device specified does not support setting the MAC address, but fail_over_mac is not set to active\n", >+ bond_dev->name); >+ res = -EOPNOTSUPP; >+ goto err_undo_flags; > } >- } else if (bond->params.fail_over_mac != BOND_FOM_ACTIVE) { >- pr_err("%s: Error: The slave device specified does not support setting the MAC address, but fail_over_mac is not set to active\n", >- bond_dev->name); >- res = -EOPNOTSUPP; >- goto err_undo_flags; > } > } > >-- >1.8.4 > --- -Jay Vosburgh, jay.vosburgh@...onical.com -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists